From owner-freebsd-security Fri Sep 17 19:59:59 1999 Delivered-To: freebsd-security@freebsd.org Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15]) by hub.freebsd.org (Postfix) with ESMTP id 592DA14E6C; Fri, 17 Sep 1999 19:59:48 -0700 (PDT) (envelope-from green@FreeBSD.org) Received: from localhost (green@localhost) by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id WAA83493; Fri, 17 Sep 1999 22:58:30 -0400 (EDT) X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs Date: Fri, 17 Sep 1999 22:58:30 -0400 (EDT) From: "Brian F. Feldman" X-Sender: green@janus.syracuse.net To: Matthew Dillon Cc: Garrett Wollman , Bosko Milekic , Stas Kisel , avalon@coombs.anu.edu.au, freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: mbuf shortage situations (followup) In-Reply-To: <199909132017.NAA25509@apollo.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 13 Sep 1999, Matthew Dillon wrote: > The case that is causing the panics is with the non-interrupt mbuf > allocation mechanism. Specifically, the case where M_WAIT is used. > > The second problem under discussion, which really ought to be separated > out from the mbuf panic problem, is the potential for a deadlock or > denial of service attack when the system is attacked in a manner that > eats all available mbufs. > The traditional way to prevent resource-starvation DoSes from the user populus has been to add administrative limits. Using RLIMIT_SBSIZE does this nicely. Yes, this isn't actually fixing the panics, but it is good preventative medicine. > -Matt > Matthew Dillon > > -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message